FD

@filedescriptor

@0xReconless

Hong Kong

innerht.ml

Inscrit en Février 2014

996Posts 17KAbonnés 34Abonnements

Vous pourriez aimer

@fransrosen

@albinowax

@disclosedh1

@bbuerhaus

@BRuteLogic

@garethheyes

@emgeekboy

@Th3G3nt3lman

@orange_8361

@Agarri_FR

@codecancare

@Yassineaboukir

@0xteknogeek

@MrTuxracer

@itscachemoney

FD a reposté

PortSwigger Research

@PortSwiggerRes

19 févr. 2024

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2023

Source: portswigger.net

FD

@filedescriptor

22 sept. 2023

Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

filedescriptor's tweet image. Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

FD a reposté

PortSwigger Research

@PortSwiggerRes

8 févr. 2023

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2022

Source: portswigger.net

FD a reposté

This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps: Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/l…

Open Technology Fund

@OpenTechFund

27 juil. 2022

Serious vulnerabilities have been found in the Hong Kong government's LeaveHomeSafe COVID-19 app. @7aSecurity recently conducted a security audit that discovered numerous flaws that allow interception of the LeaveHomeSafe app and its backend servers. opentech.fund/news/7asecurit…

7ASecurity, OTF Red Team Lab partner, completes Blackbox Pentest and Privacy Audit of LeaveHomeSafe...

Source: opentech.fund

FD a reposté

VXCON

@vxresearch

17 juin 2022

We are organising VXCON on 27 August. Please feel free to submit CFP. vxcon.hk

FD a reposté

Trend Zero Day Initiative

@thezdi

18 mai 2022

Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

thezdi's tweet image. Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

FD a reposté

‌Renwa

@RenwaX23

10 mai 2022

New writing about the story of 3 bug bounty reports in which I chain low severity bugs together for higher impact and less known browser tricks. Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more... medium.com/@renwa/the-und…

RenwaX23's tweet card. Story of 3 bug bounty writeups which I use low bugs and chain them together for higher impact.

The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…

Source: medium.com

FD a reposté

Ed

@EdOverflow

27 avr. 2022

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

EdOverflow's tweet image. After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

FD a reposté

HACxyk.

@Hacxyk

16 avr. 2022

We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇Check out the write-up medium.com/@hacxyk/how-we…

Hacxyk's tweet card. TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty.

How we spoofed ENS domains for $15k

Source: medium.com

FD a reposté

PortSwigger Research

@PortSwiggerRes

9 févr. 2022

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year

Top 10 web hacking techniques of 2021

Source: portswigger.net

FD a reposté

Ed

@EdOverflow

5 févr. 2022

New blog post: "What Bypassing Razer's DOM-based XSS Patch Can Teach Us" — edoverflow.com/2022/bypassing….

FD

@filedescriptor

20 janv. 2022

Why do we need NFT on social media??

FD a reposté

FD

@filedescriptor

11 août 2021

Also function solve(obj, property){ if(typeof obj != 'function') { obj(property).innerHTML = '<img src=1 onerror="alert(`You win`)">'; } else { alert('You must try harder than that.'); } }

FD a reposté

Luan Herrera

@lbherrera_

31 mai 2021

I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out! blog.lbherrera.me/posts/appcache…

lbherrera_'s tweet card. Leveraging AppCache's network section to leak the complete URL of cross-origin redirects.

AppCache's forgotten tales

Source: blog.lbherrera.me

FD a reposté

The Daily Swig

@DailySwig

21 mai 2021

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…

DailySwig's tweet card. One year after the launch of their ethical hacking video channel, Ron Chan, ‘FileDescriptor’, and ‘EdOverflow’ tell The Daily Swig about their approach towards inspiring and educating the hacker...

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers...

Source: portswigger.net

FD a reposté

Suraj

@PwnFunction

23 avr. 2021

New Video! Binary Exploitation 0x02 Why you should Close Your Files youtu.be/6SA6S9Ca5-U

FD a reposté

PortSwigger Research

@PortSwiggerRes

24 févr. 2021

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks

Top 10 web hacking techniques of 2020

Source: portswigger.net

FD

@filedescriptor

19 janv. 2021

Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! github.com/filedescriptor…

filedescriptor's tweet image. Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out!

github.com/filedescriptor…

FD a reposté

Ron Chan

@ngalongc

19 janv. 2021

I have made a video to demonstrate how we can automate permission checks using my GitLab project "OpenAPI Security Scanner". Check it out! youtu.be/K65e5QRQ1tc Video editor: @wacms666

ngalongc's tweet card. Automating Permission Checks Using OpenAPI Security Scanner?

youtube.com

YouTube

Automating Permission Checks Using OpenAPI Security Scanner?

Source: youtube.com

Intigriti

@intigriti

Sam Curry

@samwcyo

Ben Sadeghipour

@NahamSec

JS0N Haddix

@Jhaddix

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

Julien | MrTuxracer 🇪🇺

@MrTuxracer

shubs

@infosec_au

Luke Stephens (hakluke)

@hakluke

bugcrowd

@Bugcrowd

STÖK ✌️

@stokfredrik

H4x0r.DZ 🇰🇵

@h4x0r_dz

Yassine Aboukir 🐐

@Yassineaboukir

James Kettle

@albinowax

Harsh Bothra

@harshbothra_

InfoSec Community

@InfoSecComm

Farah Hawa

@Farah_Hawaa

Bug Bounty Reports Explained

@gregxsunday

HackerOne

@Hacker0x01

Suraj

@PwnFunction

arshiya

@ALLPHAAA7

Hamzah Abdlmotalb Abdullah

@HAbdullah55817

miloin matheu

@khan70056

Hieu Programer

@HieuProgramer

DAli

@TheAliAbdollahi

Swoubfop

@Swoubfop02230

和一

@aishaofuaa

S1ren Head 🇵🇸

@S1renHead_

itsmeashu

@6173687561646d6

Kirolos osama

@ko27182

xploiterr

@_xploiterr

Gabli Mop

@GabliMop60212

maxi

@maxi_rch

Callme_Nafman

@kingladeyoo

sma

@sma_gggg

zzzzzz

@mynameisskool

White dragon

@W199621147

Omar Ahmed

@omarahmad1590

محمود

@ebn_salah

Alireza Nezami

@AlirezaNezami23

Azizullah Zafari

@AzizullahZ7961

Kai to Qiao

@wertikeo

David sharl

@DavidSharl404

777

@VAG33K

Macabely

@Macabely97021

Anupam Jaiswal

@anupamjaiswall

Sēn

@E1_Sec

stealth pointer

@stealthp0inter

Naman Patil

@TheZ3ntinel

saul

@0xCh3ckm4t3

Saumya Agarwal

@SaumyaTechBR

Sen

@senyksia

Gajendra

@gaj3ndra

PandyaMayur

@pandyaMayur11

SOJA

@soja_bang

zayne (zeyu) zhang

@zeyu1337

Shayan

@ShayanAlizadeh_

Isaiah

@Hacker_Ise

Mostafa

@mexic0x00

payIoad

@payioad0x13768

آدَم الفَقِي

@elfaqii

Mokhtar Wael

@mokhtar0x1

Lucy

@lucylovecode

Dark@Joker:~$

@ExploitNest

Omar

@hack3dby0mar

Armia Nessim

@im4x00

Editor4-Affair7

@EAffair752680

Corey Goldstone

@cgfromdc

Goz26

@TvsDa58624

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

James Kettle

@albinowax

Orange Tsai 🍊

@orange_8361

@[email protected]

@SecurityMB

Soroush Dalili

@irsdl

$S1r1u5_'s profile picture. aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}$

s1r1us

@S1r1u5_

$cffsmith's profile picture. Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.$